Menu
I need to execute a php script from the command line, but if I call directly "php5 myfile.php", I will have some security issue (mainly the openbasedir restrictions and the user&group rights).
So I'd like to execute that php file from the same constraints as a fpm process (/etc/php5/fpm/pool.d/specific_process.conf). This process has a sock file at /var/run/php5-fpm-specific.sock, which, I believe, would be constrained like in the conf file (same user&group, some php_admin_value, etc).
But I can't see how I can do that from the command line, and by giving some arguments.
I tried something like :
php5 --bindpath /var/run/php5-fpm-specific.sock -f /path/to/my/file.php param1 param2
But of course it does not work. How can I do ?
Note: The file I'm calling expects some parameters (here, param1 and param2).
Thank you for your help.
226
Each site is also deployed with a PHP-FPM resource pool, which is owned by the site user. This prevents PHP scripts from reading or modifying files outside of the current site's root directory. Meaning, if a malicious user were to gain access to a site on your server, they would be unable to infect other sites.
As PHP-FPM receives a proxied connection, a free PHP-FPM worker accepts the web server's request. PHP-FPM then compiles and executes the PHP script, sending the output back to the web server. Once a PHP-FPM worker finishes handling a request, the system releases the worker and waits for new requests.
You will need the executable cgi-fcgi (in Debian part of the libfcgi0ldbl package), then you can do it by executing this command (this is one line with \ escaping the newlines, you should be able to paste this to your shell like this):
SCRIPT_NAME=/file.php \
SCRIPT_FILENAME=/path/to/my/file.php \
REQUEST_METHOD=GET \
QUERY_STRING=param1=x\¶m2=y \
cgi-fcgi -bind -connect /var/run/php5-fpm-specific.sock
You will then receive the output, as it would be sent to the HTTP server, so it will include the HTTP headers, for example for a script containing <?php echo "The time is ", date("H:i:s");:
Content-type: text/html
The time is 13:46:35
There are a couple of more parameters but these are the most essential ones (see how they map to the $_SERVER array, that's what's happening in the background):
SCRIPT_NAME this is the script name as it is seen from the HTTP side. In my example the file could have been accessed via http://localhost/file.php
SCRIPT_FILENAME this is the local path to the script -- it's what the HTTP server will usually determine from the URL, here you need to specify it yourselfQUERY_STRING can be used if you also want to pass in something that would be after the ? in a URL, be aware that we are in a shell, so you'd need to escape the ampersand like this: \&
See also:
96
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
